Quoting Nicolas George (2020-01-12 14:28:06)
> Anton Khirnov (12020-01-07):
> > How is it any better in the unsigned case? You do a well-defined
> > unsigned overflow and end up with an invalid channel count (which might
> > even look sane).
>
> I explained this: you can guard against defined behaviors, not against
> undefined behaviors, because the compilers are allowed to shunt the
> checks, and they do.

Your explanation does not make sense to me. Checking for negative values is not guarding against overflow, it's "checking after the fact whether overflow occurred". Any such checks, whether signed or unsigned, are necessarily invalid and broken (hence the quotes).

Guarding against overflow must always be done by checking BEFORE the operation that might overflow - again both for signed and unsigned.

From this angle, there is no difference between using signed and unsigned values. The fact that in one case the overflow would have been UB and the other wouldn't changes nothing here.

--
Anton Khirnov
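
An added illustration of the check-before-the-operation pattern discussed in this message; it is not part of the thread and not FFmpeg code. The helper names and the multiplication scenario are assumptions made for the example, and the signed helper is restricted to non-negative operands, which is enough for counts.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helpers (not FFmpeg API). Each returns 0 and stores the
 * product, or returns -1 WITHOUT performing the multiplication. */

/* Unsigned: the range test runs before the multiply. */
static int checked_mul_uint(unsigned a, unsigned b, unsigned *out)
{
    if (b != 0 && a > UINT_MAX / b)
        return -1;              /* would wrap */
    *out = a * b;
    return 0;
}

/* Signed, non-negative operands only: same shape, INT_MAX as the bound.
 * The multiply is never reached when it would overflow, so no undefined
 * behaviour is ever executed. */
static int checked_mul_int(int a, int b, int *out)
{
    if (a < 0 || b < 0)
        return -1;              /* negative counts rejected up front */
    if (b != 0 && a > INT_MAX / b)
        return -1;              /* would overflow */
    *out = a * b;
    return 0;
}

/* Unchecked unsigned multiply: the wrap is well defined, but the result
 * can be a small, plausible-looking number. */
static unsigned wrapped_mul_uint(unsigned a, unsigned b)
{
    return a * b;
}

int main(void)
{
    /* Constructed input: for the usual even-width unsigned types,
     * (UINT_MAX / 3 + 1) * 3 wraps to exactly 2. */
    unsigned big = UINT_MAX / 3 + 1, r = 0;

    printf("unchecked: %u\n", wrapped_mul_uint(big, 3));
    printf("checked:   %d\n", checked_mul_uint(big, 3, &r));
    return 0;
}
```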